[SR-Users] UAC, parsing auth header failed

Henning Westerholt henning.westerholt at 1und1.de
Thu Jul 1 16:53:08 CEST 2010 

On Thursday 01 July 2010, Ján ONDREJ (SAL) wrote:
> > ok, i'll change it in the code.
> 
> Thank you.

Hello Jan,

> Even if it's better, it still don't work for me.
> 
> Here is what is logged in log:
> 
> 0(1515) DEBUG: uac [auth_hdr.c:409]: hdr is <Authorization: Digest
> username="xxxx07500", realm="BroadWorks",
> nonce="BroadWorksXgb3lz7xdT18h03wBW",
> uri="sip:09xxxxxxxx at as.vvn.xxxxxx;user=phone", qop=auth, nc=00000001,
> cnonce="629288560", response="96cc89eca0eb44624e6572e6f6545dcc",
> algorithm=MD5
> 
> But I con't find any response in ACK packet send to our provider:

the response should be included in the second INVITE (or the message that was 
challenged).
 
> U xxx.xxx.137.250:5060 -> xxx.xxx.xxx.20:5060
> SIP/2.0 401 Unauthorized.
> Via: SIP/2.0/UDP xxx.xxx.xxx.20;branch=z9hG4bK2e5.758ec977.0.
> Via: SIP/2.0/UDP xxx.xxx.10.10;branch=z9hG4bK9270d540C0C4209D.
> From: "Ondrej Jan" <sip:xxxxxxx at as.vvn.xxxxxxx>;tag=56FAB897-DD2E3AD2.
> To: <sip:09xxxxxxxxx at as.vvn.xxxxxx;user=phone>;tag=860899010-1277989544929.
> CSeq: 2 INVITE.
> Call-ID: 754f437b-41f09f61-7b255ff4 at xxx.xxx.10.10.
> WWW-Authenticate: DIGEST
> realm="BroadWorks",qop="auth",algorithm=MD5,nonce="BroadWorksXgb3lz7xdT18h0
> 3wBW". Content-Length: 0.
> .
> 
> #
> U xxx.xxx.xxx.20:5060 -> xxx.xxx.137.250:5060
> ACK sip:09xxxxxxxx at as.vvn.xxxxxxx;user=phone SIP/2.0.
> Via: SIP/2.0/UDP xxx.xxx.xxx.20;branch=z9hG4bK2e5.758ec977.0.
> From: "Ondrej Jan" <sip:xxxxxx505 at as.vvn.xxxxxx>;tag=56FAB897-DD2E3AD2.
> To: <sip:09xxxxxxxx at as.vvn.xxxxx;user=phone>;tag=860899010-1277989544929.
> CSeq: 2 ACK.
> Call-ID: 754f437b-41f09f61-7b255ff4 at xxx.xxx.10.10.
> Max-Forwards: 68.
> Content-Length: 0.
> .
> 
> Is something wrong in my configuration? How these authenticate packets
> should look?

I never used uac_auth() so far, but normally you send a request like an INVITE 
to the host, its then challenged with e.g. a 401 including a nonce and some 
other parameters, you ACK it, and then you re-send the request with the added 
credentials.
 
> May be problem is, that I need to subst some strings in routed packets,
> because they need special username and they require to send their domain
> in From and To headers. Is this my problem? What should I search for in my
> logs?

Maybe the target do some comparisons on the credentials (like username, realm) 
and the From header? Are you able to login with a normal user agent (e.g. 
softphone) on the target if you just route the request through your proxy and 
do the same header modifications?

Regards,

Henning

More information about the sr-users mailing list